Ransomware / Malware Backups will not prove enough to stop ransomware as hackers find ways to
subvert this strategy. - George Anderson, director of product marketing, Webroot
Malware campaigns will use AI to make secondary infection decisions based
on learning from previous campaigns. - Gary Hayslip, chief information security
officer, Webroot
Will see the first prolific script-based ransomware. Malware will move
away from PE (portable executable files) and into shell codes and other avenues of
attack. Authors will try to infect users outside of PE files. - Eric Klonowski,
senior advanced threat research analyst, Webroot
Security solutions will broaden their scope to consume events system wide
vs per-process and per-thread level detection to capture disjointed attacks such as
multi-processed ransomware. - Eric Klonowski, senior advanced threat research
analyst, Webroot
We will see the first health-related ransomware targeting devices like
pacemakers. Instead of ransom to get your data back, it will be ransom to save your
life. - Eric Klonowski, senior advanced threat research analyst, Webroot
The age of programmable malware will rise - with malware kits able to
morph their purposes depending on the intent of those who launch them. The same
"shell" code will be able to launch ransomware, DOS, and email bot campaigns. - Hal
Lonas, chief technology officer, Webroot
People will be injured or killed in 2018 due to a cyberattack /
cyberterrorism - moving beyond money and intellectual property to physical harm as
the objective and outcome. One could argue that this has already occurred with NSA
leaks and been kept hush hush within nation / states, but private citizens will soon
become targets. (how’s that for gloom and doom?) - Hal Lonas, chief technology
officer, Webroot

Breaches Predicting at least 3 separate breaches of at least 100 million accounts.
I bet the data is already breached as of right now, but the organization is unaware
and will learn next year. - Tyler Moffitt, Senior Threat Research Analyst, Webroot
Cybercrime for hire: There will be a high profile case of a Cyber hit job
being taken on a company or high profile individual. Basically a 3rd party paid for
breach or hit on a reputable organization to steal info, defame or attack in a
nefarious way another legitimate organization. This is another way to monetize by
offering services for hire to attack or steal from a competitor, individual or
organization that someone would like to see exposed/breached. - Frank Price, vice
president, product, Webroot

Biometric Security Continued growth in biometric services and devices with usernames and
passwords becoming the legacy choice for authentication. - Paul Barnes, senior
director product strategy, Webroot
We will see the first biometric-access-based exploits using facial
recognition or fingerprint access. - Eric Klonowski, senior advanced threat
research analyst, Webroot

Government / Security Consumer fightback - 2018 will see major a major backlash (maybe class
action lawsuits) from consumers, requiring more regulations around data protection
especially in the US. - David Kennerley, director of threat research, Webroot
An increase in Nation state cybersecurity breach activity as "cold war"
like activity continues to escalate. Where countries and organizations (i.e. ISIS)
will actually invest more into both defensive and offensive tech and skills to gain
access to information that can be leveraged in numerous ways. I think we have only
seen the early days of what’s possible and likely here. - Frank Price, vice
president, product, Webroot
Discoveries of election meddling and social media tweaking will be an
economic drag on some of the biggest tech giants in the industry - and be cause for
further scrutiny on securing devices, networks, and communications channels and
verifying identity. The tradeoffs between free speech and open digital access and
convenience will become ever more apparent. - Hal Lonas, chief technology officer,
Webroot
State sponsored service breach of critical infrastructure leading to loss
of life and an extended timeframe to return to normal operations. - Paul Barnes,
senior director product strategy, Webroot

Infosec job market Further adoption of AI leading to automation of professions similar to
Insurance underwriters, tax clerk and credit analysts. Also, AI will begin to move
into the forefront for social engineering, to quickly highlight susceptible targets
for adversarial attacks. - Paul Barnes, senior director product strategy, Webroot
CISO positions become more critical and move out of the CIO’s shadow. -
Gary Hayslip, chief information security officer, Webroot
CISO role will become mandated for all organizations that are doing
business with the Federal Government. - Gary Hayslip, chief information security
officer, Webroot
Diversity in Cyber will stay static until there is Government involvement. - Gary Hayslip, chief information security officer, Webroot

Mobile Will see the first major malware infection in Android App Store. -
Christopher Cain, associate malware removal engineer, Webroot
We will see the first widespread worming mobile phone ransomware, perhaps
spread by SMS / MMS. - Eric Klonowski, senior advanced threat research analyst,
Webroot
Ransomware is moving to be destructionware. I expect we will see this more
on mobile platforms. - Gary Hayslip, chief information security officer, Webroot

Cryptocurrency Bitcoin will be outlawed by many governments to avoid the financial
’bubbles’ and ultimately fraud we’ve seen in the past - untraceable money is in no
one’s interest except criminals - George Anderson, director of product marketing,
Webroot
Malware distribution will rise in fall in conjunction with Bitcoin Value. - Christopher Cain, Associate Malware Removal Engineer, Webroot
Another major breach on Cryptocurrency exchange will lead to substantial
decline in Bitcoin value and other major cryptocurrencies, further government
involvement will be seen with regulations beginning to form to remove some of the
original core principles around anonymity to reduce fraudulent use. Banks will be
first to create a regulated currency followed by Russia and China and possibly
followed by the big 5 tech companies - Apple (augment ApplePay), Google (augment
Android Pay), Amazon, Facebook and Microsoft. - Paul Barnes, senior director product
strategy, Webroot

UK / Brexit / GDPR UK based companies targeted for phishing/spear phishing on the fall-out
from Brexit. Targeting with specific messaging concerning Brexit and CISO type
topics -Nick Emanuel, director of product, Webroot
Companies who trade with the European Union will suddenly panic over the
requirements for GDPR and just encrypt everything in a knee jerk response -
Jonathan Giffard, senior product manager, Webroot
Due to Equifax, I expect a variant of GDPR will be legislatively enforced
on vendors here in the US. - Gary Hayslip, chief information security officer,
Webroot
GDPR challenges for service companies to comply with leading to major loss
of business as service provider are fined and customers shift to those services that
attain compliance. - Paul Barnes, senior director product strategy, Webroot

Security Industry Security subscription service offers from traditional retailers will
expand - BBY Total Tech Support being a great example. - Andy Mallinger , director
of product, global consumer segment, Webroot
On the consumer front I think we’ll see the early days of a resurgence of
the security opportunity as consumers begin to realize they need to spend to protect
themselves, not go the free route. Especially after the Equifax breach and more
mainstream media covering cyber security related topics. - Frank Price, VP of
product, Webroot
Pressures on the Security vendors to prove their breach resilience will
highlight vendors with poor practices, highlighted in global press, not just tech
publications. - Paul Barnes, senior director product strategy, Webroot
Google will block all insecure websites from being indexed and loading
into browsers, with additional security checks on websites to ensure security. Also,
the continued adoption of certificate pinning will mean that content inspection
services will be less effective and DNS based web security will be primary. - Paul
Barnes, senior director product strategy, Webroot

IoT Legislation will require IoT manufacturers to be responsible for producing
products without known defects. - Gary Hayslip, chief information security officer,
Webroot
NIST (national institute of standards and technology) will develop some
type of IoT security control framework to use as a baseline for deploying these
technologies. - Gary Hayslip, chief information security officer, Webroot
Data collected from IoT devices will be aggregated and used to develop an
even larger more involved picture of customers’ habits - major loss of privacy
without notification. - Gary Hayslip, chief information security officer, Webroot
Mass IoT breach spanning consumers and businesses, like the Mirai botnet,
this time with little ability to remediate based on attack disabling hardware and
demanding ransom. - Paul Barnes, senior director product strategy, Webroot
Pressures on ISPs to secure connected devices within the home will lead to
network security being added as a core service for the consumer. - Paul Barnes,
senior director product strategy, Webroot

MSPs MSPs reduce security vendors, focus on those who can provide features
customers want and can show reportable value. - Jonathan Giffard, senior product
manager, Webroot
MSPs struggle to meet the security and compliance needs of their customers
leading to a growth of SMB focussed compliance services and pressures on MSPs to
evolve into Security experts. Also, Cyber insurance premiums will increase based on
increased risks posed by increased attacks and low prevention capabilities. - Paul
Barnes, senior director product strategy, Webroot